Physical Design of vSphere Update Manager for Consolidated SDDC


You use the vSphere Update Manager service on each vCenter Server Appliance and deploy a vSphere Update Manager Download Service (UMDS) in Region A and Region B to download and stage upgrade and patch data.

Networking and Application Design

You can use the vSphere Update Manager as a service of the vCenter Server Appliance. The Update Manager server and client components are a part of the vCenter Server Appliance.

You can connect only one vCenter Server instance to a vSphere Update Manager instance.

To restrict the access to the external network from vSphere Update Manager and vCenter Server, deploy a vSphere Update Manager Download Service (UMDS) in the region containing the Consolidated vCenter Server Appliance.

UMDS downloads upgrades, patch binaries and patch metadata, and stages the downloaded data on a Web server. The local Update Manager servers download the patches from UMDS.

Figure 1. vSphere Update Manager Logical and Networking Design

Deployment Model

vSphere Update Manager is pre-installed in the vCenter Server Appliance. After you deploy or upgrade the vCenter Server Appliance, the VMware vSphere Update Manager service starts automatically.

In addition to the vSphere Update Manager deployment, two models for downloading patches from VMware exist.

Internet-connected model

The vSphere Update Manager server is connected to the VMware patch repository to download patches for ESXi hosts and virtual appliances. No additional configuration is required, other than scanning and remediating the hosts as needed.

Proxied access model

For security reasons, vSphere Update Manager is placed on a safe internal network with no connection to the Internet. It cannot download patch metadata. You deploy UMDS to download and store patch metadata and binaries to a shared repository. vSphere Update Manager uses the shared repository as a patch datastore before remediating the ESXi hosts.
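One way to check that a deployment actually follows the proxied access model is to audit network flow records for direct Internet access from the vCenter Server Appliance. The following is an added example, not part of the VMware design or tooling; the IP addresses, the internal network range, the web ports, and the comma-separated flow format are all assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumed addressing for illustration; none of these values come from the design.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
VCENTER_VUM = ipaddress.ip_address("10.10.1.10")  # vCenter Server Appliance running Update Manager
UMDS = ipaddress.ip_address("10.10.1.20")         # UMDS virtual machine and its Web server
WEB_PORTS = {80, 443}                              # assumed ports for patch download traffic

# Constructed flow records: source, destination, destination port.
SAMPLE_FLOWS = """\
10.10.1.20,203.0.113.50,443
10.10.1.10,10.10.1.20,443
10.10.1.10,198.51.100.7,443
10.10.1.20,203.0.113.50,22
10.10.1.10,10.10.2.31,902
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def audit(flow_text):
    """Return (violations, vum_uses_umds) for comma-separated flow records."""
    violations, vum_uses_umds = [], False
    for lineno, line in enumerate(flow_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            src_s, dst_s, port_s = line.split(",")
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
            port = int(port_s)
        except ValueError:
            violations.append((lineno, "unparseable-record", line))
            continue
        external = not is_internal(dst)
        if src == VCENTER_VUM and external:
            # Update Manager must only reach the shared repository on UMDS.
            violations.append((lineno, "vum-direct-egress", line))
        elif src == UMDS and external and port not in WEB_PORTS:
            violations.append((lineno, "umds-unexpected-port", line))
        elif src == VCENTER_VUM and dst == UMDS and port in WEB_PORTS:
            vum_uses_umds = True
    return violations, vum_uses_umds

if __name__ == "__main__":
    found, uses_umds = audit(SAMPLE_FLOWS)
    for lineno, rule, record in found:
        print(f"line {lineno}: {rule}: {record}")
    print("Update Manager fetches from UMDS:", uses_umds)
```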

Table 1. Update Manager Physical Design Decision

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| CSDDC-OPS-VUM-001 | Use the vSphere Update Manager service on the Consolidated vCenter Server Appliance for patch management. | Reduces the number of management virtual machines that need to be deployed and maintained within the SDDC. Enables centralized, automated patch and version management for VMware vSphere and offers support for VMware ESXi hosts, virtual machines, and virtual appliances managed by the consolidated vCenter Server. | |
| | Use the network settings of the vCenter Server Appliance for vSphere Update Manager. | Simplifies network configuration because of the one-to-one mapping between vCenter Server and vSphere Update Manager. You configure the network settings once for both vCenter Server and vSphere Update Manager. | None. |
| CSDDC-OPS-VUM-004 | Deploy and configure a UMDS virtual machine. | Limits direct access to the Internet from vSphere Update Manager on Consolidated vCenter Server, and reduces storage requirements on each instance. | You must maintain the host operating system (OS) and the database used by the UMDS. |